Using Social Networking for Cybervetting

Social networking sites can provide a wealth of investigative information for more than the detective focused on criminal matters. Data mined from social networking sites can be a valuable asset for an agency, providing information that can assist in pre-employment screening, post-employment promotions and, of course, investigations into officer misconduct.

As current United States Supreme Court and federal case law have substantiated, a law enforcement agency can restrict, to some degree, what its officers can present online. Your agency would be remiss in not taking advantage of the tools that are literally at its fingertips.

The practice of using information found on the Internet to determine whether a person is a viable candidate for employment is commonly referred to as “cybervetting.” Cybervetting is exactly what it sounds like—vetting an applicant in the cyber world, where, let’s face it … the majority of 20-something-year-old applicants have spent the majority of their lives. If you’re already using cybervetting as a tool, or if you’re just starting to explore the method, here are some things to consider to make cybervetting as effective—and legal—as possible. First and foremost, you need a policy that clearly states your agency will use cyber information as a supplement to pre-employment and pre-promotion screening. Just like you wouldn’t base a hire / no-hire decision based on one reference check, you cannot rely solely on an applicant’s Facebook page as the only form of investigation done into his / her background. Yes, it’s easy and it doesn’t require an investigator to leave his / her desk, but don’t discount old-fashioned police work.

Your policy must be applied uniformly and consistently to all applicants, candidates and incumbents. If you’re going to cybervet all applicants, that means all applicants. You can’t just delve into the cyber-doings of one applicant and not the others.

Since this is such a new area, with case law constantly being tested and new test cases emerging almost daily, it would be in the agency’s best interest to managerial review the cybervetting policy at least quarterly and update as necessary.

Cybervetting is useless unless it is used effectively. Be sure to cybervet as an extension of your normal background investigations. The timeframe is an agency decision, namely at what point do you begin the cybervetting process—in the applicant review stage, after the initial assessment, after the initial background check, before the standard background, last? You have to determine when the cybervetting is most economically—both monetarily and timewise—advantageous for your agency.

Remember, cybervetting is just another tool in the box to gather information about the person’s behavior. You’re looking to verify that the applicant’s behavior online is the same as you would expect in real life. You’re also looking for verification. Does the online persona / data match the application / resume? And don’t forget, online data can indicate involvement in not only criminal activity, but also association with hate groups that, in the real world, would be underground, but online is out there for all to see.

You can also use cybervetting as a tool for post-employment monitoring. Specifically, you’re looking to see if current officers are posting law enforcement-sensitive information, things that are clear policy violation or if they’re engaging in inappropriate behavior and / or commentary.

Dangers

There are, however, some dangers associated with cybervetting of which your agency should be aware. While you can ask what social networking sites an employee utilizes, you cannot ask for their password. To demand a password violates the Federal Stored Communications Act, as upheld in Pietrylo v. Hillstone Restaurant Group, Docket No. 2:06-cv-05754 (D.N.J. 2008)

Do not mine for information that is antithetical to personnel practices, especially keeping protected class information in mind—including participation with certain online sites, links, “likes” and group association. Remember that a non-decision maker can conduct Internet searches and provide the hiring manager with sanitized search results. Be aware of misleading or false information attributed to the candidate / officer. The cyber world, especially among the younger generation, can be a ruthless, ugly place where scorned friendships / relationships are played out with online commentary that is not always accurate.

It is also not uncommon for someone to access another friend’s page (usually because the user did not log out of his / her social networking site and then left the computer unattended) and post derogatory things so it looks like it originated from the unsuspecting friend.

The cybervetting investigator should be classified as someone who deals with sensitive and confidential information and is aware of policies, procedures, case law, and employment rules and regulations. Many agencies use interns, college students and secretarial staff…this is not advisable, even if they do have more cyber knowledge and time to while away on Facebook.

Notice & Consent

Giving job applicants the opportunity to decide about the collection and use of their personal information allows them to opt out of the hiring process; however, online information that is PUBLIC falls outside of this scope. Law enforcement agencies are not legally required to inform applicants about employment-related cybervetting unless the cybervetting is being performed by a third party, pursuant to The Fair Credit Reporting Act, 15 U.S.C. § 1681 and 15 U.S.C. § 1681d.

Most importantly, if the cybervetting is conducted by agency personnel, then the agency is not obligated to notify the applicant about said cybervetting. Also, if the third party conducting the cybervetting has a primary business that consists of more than providing such reports, the notice and consent rules do not apply. So, if your own people conduct their own cybervetting with publicly available information, i.e., with data found on social networking sites, your agency is well in the clear of any ramifications from the Fair Credit Reporting Act.

Cara Donlon-Cotton is a reformed newspaper reporter and a former course developer and instructor with the Georgia Public Safety Training Center. She currently teaches Media Relations and Public Relations to local law enforcement agencies. She can be reached at cdonloncotton@yahoo.com or through the Public Safety Training & Education Network at http://psten.com.